There’s a bit more to fixing a ransomware problem than paying the ransom — you need to know where the money is going.

Ransomware: It’s Coming for You

Before we look at the money, however, give this some thought. A massive 93% of phishing emails carry an active ransomware risk. So, not only are these messages trying to con you into giving up your vital personal information via a spoof website, they’re carrying a hidden threat as well. The link to the spoof website might also be the way in for ransomware.

A worrying 50% of businesses have been hit by ransomware. If they paid up (40% of them do), that money came out of a budget that could have been used to give pay raises or expand operations. The average ransomware demand is $679 — and $209 million was paid up in the first quarter of 2016 alone. That’s almost a quarter of a billion dollars!

Think about that. These are people who would lock your PC — encrypt your data — for money. They’re already that low. Why would they stick to their side of the deal? Anyone who pays up and expects the decryption key is naive.

2. You’re Incentivizing Cyber Crime

If you pay the ransom, you’re encouraging cyber criminals to go further. Here’s Trainor again: “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity.”

Do you want to contribute to the ransomware success story? Of course not, so don’t pay up.

3. You Don’t Know Who You’re Paying

There’s always the very slim chance that the brains behind the ransomware, and behind the command server coordinating the attack, is a poverty-stricken student desperate for funds to complete his or her education.

But that’s not your problem. Your problem is the fact that you are being targeted by organized crime. Says Trainor: “by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

Other criminal endeavors and schemes seem the likely beneficiaries. The money you cough up for your data isn’t helping anyone to do anything benevolent. We’re talking about organizations with links to (if not control of) drug smuggling, people trafficking, and slavery.

5. Pay Up and You’re Theirs

“Never give a sucker an even break,” the old saying goes.

Criminals who spot a mark typically return to the victim again and again, with different schemes and scams designed to part you from your cash. If you’re willing to pay once, you’re likely to pay again. But what’s worse is this: next time, the price will almost certainly be higher. It might not be ransomware, either — it might be a scam to steal your identity. Don’t ascribe any notions of moral behavior to these people. They are criminals: they have no concern for your wellbeing, nor any consideration for your ideas about how civilized people should behave.

They just want to milk you dry. Pay up once, and you might as well just set up a direct monthly payment to the cyber criminals.

The only way we can stop ransomware is to stop playing their game. Cut off the supply of cash, and this scam will soon fold. Not paying is the way forward. Protecting your data before it can be encrypted should also be a part of your strategy, whether you’re a vast multinational corporation, a small or medium enterprise, a sole trader, or just an Average Joe (or Josephine) reading Facebook.

Have you been attacked by ransomware and paid the price? Did you get your data back? Tell us all about it in the comments.

Christian Cawley is a Deputy Editor at MakeUseOf, covering security, Linux, DIY and programming. He has extensive experience in IT desktop and software support. Christian is a regular contributor to print publications such as Linux User & Developer, as well as a number of specials from Imagine Publishing and Future…